1 files changed, 33 insertions, 0 deletions

diff --git a/common/src/main/java/org/onap/so/security/CorsBasicHttpSecurityConfigurer.java b/common/src/main/java/org/onap/so/security/CorsBasicHttpSecurityConfigurer.java
new file mode 100644
index 0000000000..27c998f87d
--- /dev/null
+++ b/common/src/main/java/org/onap/so/security/CorsBasicHttpSecurityConfigurer.java
@@ -0,0 +1,33 @@
+package org.onap.so.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.stereotype.Component;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import java.util.Arrays;
+
+@Component("cors")
+@Profile({"cors"})
+public class CorsBasicHttpSecurityConfigurer implements HttpSecurityConfigurer {
+
+    @Override
+    public void configure(final HttpSecurity http) throws Exception {
+        http.cors().and().csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+                .antMatchers("/**").fullyAuthenticated().and().httpBasic();
+    }
+
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(Arrays.asList("*"));
+        configuration.setAllowedMethods(Arrays.asList("OPTIONS", "GET", "POST", "PATCH"));
+        configuration.setAllowCredentials(true);
+        configuration.setAllowedHeaders(Arrays.asList("*"));
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
+}